Secure time synchronization is critical for operations that depend on
accurate timing, including packet captures, logging, and certificate validation. You
can enable Network Time Protocol (NTP)
authentication to confirm that NTP packets originate from a trusted
server and haven’t been tampered with in transit. Palo Alto Networks supports NTP
authentication using the symmetric key or Autokey method. However, the Autokey
method itself is insecure, and symmetric key authentication relies on the legacy
hashing algorithms MD5 and SHA-1.

PAN-OS® 12.1.2 adds support for SHA-256 and SHA-512 symmetric key
authentication. These algorithms are more secure than MD5 and SHA-1 and enhance the
integrity of NTP communications. If you authenticate NTP servers using Autokey,
switching to the symmetric key method with these modern algorithms offers immediate
security improvements and maintains seamless time synchronization.
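
The following Python sketch is an added illustration, not Palo Alto Networks code and not a description of how PAN-OS implements the feature. It shows how a receiver checks a symmetric-key NTP message authentication code and refuses keys configured with MD5 or SHA-1. The key table, key IDs, sample header, and the 20-byte digest truncation are assumptions made for the example.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48                    # fixed NTP header size
DIGEST_LEN = 20                    # assumption: longer digests truncated to 20 bytes
ALLOWED = {"sha256", "sha512"}     # local policy: no MD5 or SHA-1 keys

def ntp_mac(key_id, algo, secret, header):
    """Key ID followed by H(secret || header), the keyed-hash MAC layout."""
    digest = hashlib.new(algo, secret + header).digest()[:DIGEST_LEN]
    return struct.pack("!I", key_id) + digest

def verify(packet, keys):
    """Return True only if the packet carries a valid MAC from an allowed key."""
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(header) < HEADER_LEN or len(mac) < 4:
        return False               # truncated or unauthenticated packet
    key_id = struct.unpack("!I", mac[:4])[0]
    entry = keys.get(key_id)
    if entry is None:
        return False               # key ID not in the trusted key table
    algo, secret = entry
    if algo not in ALLOWED:
        return False               # legacy algorithm, rejected by policy
    expected = ntp_mac(key_id, algo, secret, header)
    return hmac.compare_digest(mac, expected)   # constant-time comparison

# Constructed sample data: key table and a server-mode NTPv4 header.
KEYS = {
    1: ("sha1", b"legacy-shared-secret"),
    2: ("sha256", b"constructed-sha256-secret"),
}
HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(range(44))

def signed(key_id):
    """Build a sample packet authenticated with the given key ID."""
    algo, secret = KEYS[key_id]
    return HEADER + ntp_mac(key_id, algo, secret, HEADER)

def tampered(packet):
    """Return a copy of the packet with one bit changed in transit."""
    altered = bytearray(packet)
    altered[40] ^= 0x01            # flip one bit in the transmit timestamp
    return bytes(altered)

if __name__ == "__main__":
    good = signed(2)
    print(verify(good, KEYS), verify(tampered(good), KEYS), verify(signed(1), KEYS))
```

The SHA-256 packet verifies, while the modified packet, the SHA-1 keyed packet, and a packet with no MAC are all rejected.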